CWE-126
AllowedBuffer Over-read
Abstraction: Variant · Status: Draft
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
852 vulnerabilities reference this CWE, most recent first.
GHSA-QC53-6PCV-3Q2P
Vulnerability from github – Published: 2025-05-15 18:31 – Updated: 2025-05-19 21:30An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_>SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2024-52878"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-15T16:15:32Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_\u003eSetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read.",
"id": "GHSA-qc53-6pcv-3q2p",
"modified": "2025-05-19T21:30:31Z",
"published": "2025-05-15T18:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52878"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge/sa-2024016"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCVH-FFQ5-55F3
Vulnerability from github – Published: 2023-06-06 09:30 – Updated: 2024-04-04 04:34Transient DOS while parsing WLAN beacon or probe-response frame.
{
"affected": [],
"aliases": [
"CVE-2023-21661"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T08:15:12Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing WLAN beacon or probe-response frame.",
"id": "GHSA-qcvh-ffq5-55f3",
"modified": "2024-04-04T04:34:53Z",
"published": "2023-06-06T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21661"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QF6X-7G55-4WGC
Vulnerability from github – Published: 2023-02-14 00:30 – Updated: 2023-02-22 21:30Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
{
"affected": [],
"aliases": [
"CVE-2023-0817"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-13T22:15:00Z",
"severity": "HIGH"
},
"details": "Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.",
"id": "GHSA-qf6x-7g55-4wgc",
"modified": "2023-02-22T21:30:39Z",
"published": "2023-02-14T00:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0817"
},
{
"type": "WEB",
"url": "https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QGVH-3GR3-J9PH
Vulnerability from github – Published: 2024-10-07 15:31 – Updated: 2024-10-07 15:31Transient DOS while parsing ESP IE from beacon/probe response frame.
{
"affected": [],
"aliases": [
"CVE-2024-33070"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-07T13:15:13Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing ESP IE from beacon/probe response frame.",
"id": "GHSA-qgvh-3gr3-j9ph",
"modified": "2024-10-07T15:31:39Z",
"published": "2024-10-07T15:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33070"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QJXR-J6GG-GH78
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.
{
"affected": [],
"aliases": [
"CVE-2024-33012"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T15:15:49Z",
"severity": "HIGH"
},
"details": "Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.",
"id": "GHSA-qjxr-j6gg-gh78",
"modified": "2024-08-05T15:30:53Z",
"published": "2024-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33012"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QM6R-3HVM-2J6C
Vulnerability from github – Published: 2022-06-25 00:01 – Updated: 2022-06-25 00:01Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.
{
"affected": [],
"aliases": [
"CVE-2022-32141"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-24T08:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.",
"id": "GHSA-qm6r-3hvm-2j6c",
"modified": "2022-06-25T00:01:01Z",
"published": "2022-06-25T00:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32141"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QM7W-CJMV-J299
Vulnerability from github – Published: 2025-06-03 06:31 – Updated: 2025-06-03 06:31Information disclosure may occur while processing goodbye RTCP packet from network.
{
"affected": [],
"aliases": [
"CVE-2024-53021"
],
"database_specific": {
"cwe_ids": [
"CWE-126"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-03T06:15:25Z",
"severity": "HIGH"
},
"details": "Information disclosure may occur while processing goodbye RTCP packet from network.",
"id": "GHSA-qm7w-cjmv-j299",
"modified": "2025-06-03T06:31:14Z",
"published": "2025-06-03T06:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53021"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-QPGX-JFCQ-R59F
Vulnerability from github – Published: 2026-02-25 19:24 – Updated: 2026-02-27 22:16A heap buffer over-read vulnerability occurs when processing an image with small dimension using the -wavelet-denoise operator.
==3693336==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x511000001280 at pc 0x5602c8b0cc75 bp 0x7ffcb105d510 sp 0x7ffcb105d500
READ of size 4 at 0x511000001280 thread T0
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27798"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-25T19:24:05Z",
"nvd_published_at": "2026-02-26T00:16:25Z",
"severity": "MODERATE"
},
"details": "A heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator.\n\n```\n==3693336==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x511000001280 at pc 0x5602c8b0cc75 bp 0x7ffcb105d510 sp 0x7ffcb105d500\nREAD of size 4 at 0x511000001280 thread T0\n```",
"id": "GHSA-qpgx-jfcq-r59f",
"modified": "2026-02-27T22:16:47Z",
"published": "2026-02-25T19:24:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27798"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick: Heap Buffer Over-read in WaveletDenoise when processing small images"
}
GHSA-QQ74-QXGG-PH3J
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-08 00:00A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)
{
"affected": [],
"aliases": [
"CVE-2021-34320"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-126",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T11:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)",
"id": "GHSA-qq74-qxgg-ph3j",
"modified": "2022-10-08T00:00:18Z",
"published": "2022-05-24T19:07:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34320"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-856"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QQ7M-Q225-9V82
Vulnerability from github – Published: 2023-11-14 21:30 – Updated: 2023-11-14 21:30Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.
{
"affected": [],
"aliases": [
"CVE-2023-28572"
],
"database_specific": {
"cwe_ids": [
"CWE-126",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T06:15:10Z",
"severity": "HIGH"
},
"details": "Memory corruption in WLAN HOST while processing the WLAN scan descriptor list.",
"id": "GHSA-qq7m-q225-9v82",
"modified": "2023-11-14T21:30:52Z",
"published": "2023-11-14T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28572"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.